Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/455276?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/455276?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.0-rc2", "type": "composer", "namespace": "froxlor", "name": "froxlor", "version": "0.10.0-rc2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.3.7", "latest_non_vulnerable_version": "2.3.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148176?format=api", "vulnerability_id": "VCID-13gb-yr6z-n7cc", "summary": "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64459", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.6445", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64463", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64348", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0877" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0877" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984", "reference_id": "aa48ffca2bcaf7ae57be3b8147bb3138abdab984", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T16:01:03Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984" }, { "reference_url": "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8", "reference_id": "b29cf038-06f1-4fb0-9437-08f2991f92a8", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T16:01:03Z/" } ], "url": "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8" }, { "reference_url": "https://github.com/advisories/GHSA-vp4r-h765-5mwp", "reference_id": "GHSA-vp4r-h765-5mwp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vp4r-h765-5mwp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380400?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.11" } ], "aliases": [ "CVE-2023-0877", "GHSA-vp4r-h765-5mwp" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13gb-yr6z-n7cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66448?format=api", "vulnerability_id": "VCID-1rwn-9phn-kkb4", "summary": "Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07562", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07584", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07598", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07593", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30932" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.5", "reference_id": "2.3.5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.5" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b", "reference_id": "b34829262dc32818b37f6a1eabb426d0b277a86b", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30932", "reference_id": "CVE-2026-30932", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30932" }, { "reference_url": "https://github.com/advisories/GHSA-x6w6-2xwp-3jh6", "reference_id": "GHSA-x6w6-2xwp-3jh6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x6w6-2xwp-3jh6" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6", "reference_id": "GHSA-x6w6-2xwp-3jh6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374976?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.5" } ], "aliases": [ "CVE-2026-30932", "GHSA-x6w6-2xwp-3jh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rwn-9phn-kkb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147963?format=api", "vulnerability_id": "VCID-2mym-uwpj-v3he", "summary": "Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47759", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47739", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47743", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47603", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0572" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0572", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0572" }, { "reference_url": "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec", "reference_id": "4ab24ee2-3ff6-4248-9555-0af3e5f754ec", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:42:38Z/" } ], "url": "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1", "reference_id": "7b08a71c59430d06c1efb012a6c6448262aacdb1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:42:38Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1" }, { "reference_url": "https://github.com/advisories/GHSA-3chw-8jq2-w769", "reference_id": "GHSA-3chw-8jq2-w769", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3chw-8jq2-w769" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379862?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10" } ], "aliases": [ "CVE-2023-0572", "GHSA-3chw-8jq2-w769" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mym-uwpj-v3he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140156?format=api", "vulnerability_id": "VCID-38ph-pcue-zydu", "summary": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46923", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46919", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46938", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46782", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4304" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4304", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4304" }, { "reference_url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9", "reference_id": "59fe5037-b253-4b0f-be69-1d2e4af8b4a9", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/" } ], "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597", "reference_id": "ce9a5f97a3edb30c7d33878765d3c014a6583597", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597" }, { "reference_url": "https://github.com/advisories/GHSA-9rmf-6qgj-g3wj", "reference_id": "GHSA-9rmf-6qgj-g3wj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9rmf-6qgj-g3wj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379183?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22" } ], "aliases": [ "CVE-2023-4304", "GHSA-9rmf-6qgj-g3wj" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38ph-pcue-zydu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150740?format=api", "vulnerability_id": "VCID-44fu-9q5x-uuf8", "summary": "Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4409", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44251", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44244", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44263", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2666" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2666", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2666" }, { "reference_url": "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", "reference_id": "0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/" } ], "url": "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6", "reference_id": "1679675aa1c29d24344dd2e091ff252accb111d6", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6" }, { "reference_url": "https://github.com/advisories/GHSA-4gm9-c9jq-g523", "reference_id": "GHSA-4gm9-c9jq-g523", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4gm9-c9jq-g523" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382068?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.16" } ], "aliases": [ "CVE-2023-2666", "GHSA-4gm9-c9jq-g523" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44fu-9q5x-uuf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108866?format=api", "vulnerability_id": "VCID-7e6h-qe19-jken", "summary": "Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-29773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25531", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25515", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25512", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25314", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-29773" }, { "reference_url": "https://github.com/froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29773", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29773" }, { "reference_url": "https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623", "reference_id": "a43d53d54034805e3e404702a01312fa0c40b623", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/" } ], "url": "https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623" }, { "reference_url": "https://github.com/advisories/GHSA-7j6w-p859-464f", "reference_id": "GHSA-7j6w-p859-464f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j6w-p859-464f" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f", "reference_id": "GHSA-7j6w-p859-464f", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f" }, { "reference_url": "https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ", "reference_id": "h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/" } ], "url": "https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378109?format=api", "purl": "pkg:composer/froxlor/froxlor@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6" } ], "aliases": [ "CVE-2025-29773", "GHSA-7j6w-p859-464f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7e6h-qe19-jken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168754?format=api", "vulnerability_id": "VCID-8c8t-7j1p-3baa", "summary": "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35968", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36159", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36148", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3617", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4867" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4867", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4867" }, { "reference_url": "https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa", "reference_id": "c91364dd-9ead-4bf3-96e6-663a017e08fa", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:43:03Z/" } ], "url": "https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d", "reference_id": "f7f356e896173558248c43f4f68612f78e73a65d", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:43:03Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d" }, { "reference_url": "https://github.com/advisories/GHSA-6gwx-gw56-qhf7", "reference_id": "GHSA-6gwx-gw56-qhf7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6gwx-gw56-qhf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383928?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.0-beta1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/380013?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0" } ], "aliases": [ "CVE-2022-4867", "GHSA-6gwx-gw56-qhf7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8c8t-7j1p-3baa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/320321?format=api", "vulnerability_id": "VCID-8t9k-hvwr-xubb", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23156", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23351", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23364", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23343", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10237" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1165719", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1165719" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10237", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10237" }, { "reference_url": "https://github.com/advisories/GHSA-j9wr-mj69-cqmv", "reference_id": "GHSA-j9wr-mj69-cqmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j9wr-mj69-cqmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23731?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-8c8t-7j1p-3baa" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-e8hu-xceh-cygy" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-gxb4-1jgt-z3a8" }, { "vulnerability": "VCID-gyny-xdxc-vyg7" }, { "vulnerability": "VCID-hhky-38kt-9fcd" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-hwdk-umd9-pbhp" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-mgwv-2pj5-pqav" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-p627-qr92-mkdp" }, { "vulnerability": "VCID-qyzq-4avu-zugu" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" }, { "vulnerability": "VCID-ztuh-9qmx-pkf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.16" } ], "aliases": [ "CVE-2020-10237", "GHSA-j9wr-mj69-cqmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8t9k-hvwr-xubb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80823?format=api", "vulnerability_id": "VCID-9t9n-1hhp-3yga", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can set `def_language` to a path traversal payload (e.g., `../../../../../var/customers/webs/customer1/evil`), which is stored in the database. On subsequent requests, `Language::loadLanguage()` constructs a file path using this value and executes it via `require`, achieving arbitrary PHP code execution as the web server user. Version 2.3.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24712", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24906", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24911", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24922", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41228" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41228", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41228" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c", "reference_id": "bc5e6dbaa90e6f3573129da640595e8c770e1d0c", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c" }, { "reference_url": "https://github.com/advisories/GHSA-w59f-67xm-rxx7", "reference_id": "GHSA-w59f-67xm-rxx7", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w59f-67xm-rxx7" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7", "reference_id": "GHSA-w59f-67xm-rxx7", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41228", "GHSA-w59f-67xm-rxx7" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9t9n-1hhp-3yga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80673?format=api", "vulnerability_id": "VCID-atns-wuzm-kqh2", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered by the if/elseif validation chain is submitted (e.g., `NAPTR`, `PTR`, `HINFO`), content validation is entirely bypassed. Embedded newline characters in the content survive `trim()` processing, are stored in the database, and are written directly into BIND zone files via `DnsEntry::__toString()`. An authenticated customer can inject arbitrary DNS records and BIND directives (`$INCLUDE`, `$ORIGIN`, `$GENERATE`) into their domain's zone file. Version 2.3.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18253", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18414", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18416", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18437", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41230" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41230", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41230" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442", "reference_id": "47a8af5d9523cb6ec94567405cfc2e294d3a1442", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442" }, { "reference_url": "https://github.com/advisories/GHSA-47hf-23pw-3m8c", "reference_id": "GHSA-47hf-23pw-3m8c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47hf-23pw-3m8c" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c", "reference_id": "GHSA-47hf-23pw-3m8c", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41230", "GHSA-47hf-23pw-3m8c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atns-wuzm-kqh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/320320?format=api", "vulnerability_id": "VCID-ckyn-q7qk-yqad", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33801", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33979", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34002", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33981", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10236" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1165718", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1165718" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5" }, { "reference_url": "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10236", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10236" }, { "reference_url": "https://github.com/advisories/GHSA-hvgf-2rf7-wrx9", "reference_id": "GHSA-hvgf-2rf7-wrx9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hvgf-2rf7-wrx9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384616?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-8c8t-7j1p-3baa" }, { "vulnerability": "VCID-8t9k-hvwr-xubb" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-e8hu-xceh-cygy" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-gxb4-1jgt-z3a8" }, { "vulnerability": "VCID-gyny-xdxc-vyg7" }, { "vulnerability": "VCID-hhky-38kt-9fcd" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-hwdk-umd9-pbhp" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-mgwv-2pj5-pqav" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-p627-qr92-mkdp" }, { "vulnerability": "VCID-qyzq-4avu-zugu" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.14" } ], "aliases": [ "CVE-2020-10236", "GHSA-hvgf-2rf7-wrx9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckyn-q7qk-yqad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148389?format=api", "vulnerability_id": "VCID-d48t-6m2w-s7h2", "summary": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43294", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43305", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43314", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43137", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0565" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0565", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0565" }, { "reference_url": "https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102", "reference_id": "12d78294-1723-4450-a239-023952666102", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:45:44Z/" } ], "url": "https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15", "reference_id": "2feb8020941a82bfb4ac68890f6ced0e5b3c4a15", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:45:44Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15" }, { "reference_url": "https://github.com/advisories/GHSA-vqqm-c9gx-773q", "reference_id": "GHSA-vqqm-c9gx-773q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vqqm-c9gx-773q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379862?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10" } ], "aliases": [ "CVE-2023-0565", "GHSA-vqqm-c9gx-773q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d48t-6m2w-s7h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49786?format=api", "vulnerability_id": "VCID-dptm-3z1r-bubj", "summary": "Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00976", "scoring_system": "epss", "scoring_elements": "0.77122", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00976", "scoring_system": "epss", "scoring_elements": "0.77197", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00976", "scoring_system": "epss", "scoring_elements": "0.77193", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00976", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34070" }, { "reference_url": "https://github.com/froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor" }, { "reference_url": "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6", "reference_id": "a862307bce5cdfb1c208b835f3e8faddd23046e6", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/" } ], "url": "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34070", "reference_id": "CVE-2024-34070", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34070" }, { "reference_url": "https://github.com/advisories/GHSA-x525-54hf-xr53", "reference_id": "GHSA-x525-54hf-xr53", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x525-54hf-xr53" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53", "reference_id": "GHSA-x525-54hf-xr53", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30983?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.9" } ], "aliases": [ "CVE-2024-34070", "GHSA-x525-54hf-xr53" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dptm-3z1r-bubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210548?format=api", "vulnerability_id": "VCID-e8hu-xceh-cygy", "summary": "Froxlor SQL injection vulnerability", "references": [ { "reference_url": "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05516", "scoring_system": "epss", "scoring_elements": "0.90449", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05516", "scoring_system": "epss", "scoring_elements": "0.90487", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.05516", "scoring_system": "epss", "scoring_elements": "0.90479", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42325" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782" }, { "reference_url": "https://www.exploit-db.com/exploits/50502", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/50502" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50502.txt", "reference_id": "CVE-2021-42325", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50502.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42325", "reference_id": "CVE-2021-42325", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42325" }, { "reference_url": "https://github.com/advisories/GHSA-6fvw-x6gw-4wv8", "reference_id": "GHSA-6fvw-x6gw-4wv8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6fvw-x6gw-4wv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23706?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-8c8t-7j1p-3baa" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-gxb4-1jgt-z3a8" }, { "vulnerability": "VCID-gyny-xdxc-vyg7" }, { "vulnerability": "VCID-hhky-38kt-9fcd" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-mgwv-2pj5-pqav" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-p627-qr92-mkdp" }, { "vulnerability": "VCID-qyzq-4avu-zugu" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.30" } ], "aliases": [ "CVE-2021-42325", "GHSA-6fvw-x6gw-4wv8" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8hu-xceh-cygy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80834?format=api", "vulnerability_id": "VCID-ebbm-gvf6-xfbd", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a MySQL server via the API, the `privileged_user` parameter (which has no input validation) is written unescaped into `lib/userdata.inc.php`. Since this file is `require`d on every request via `Database::getDB()`, an attacker can inject arbitrary PHP code that executes as the web server user on every subsequent page load. Version 2.3.6 contains a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.2754", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27758", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27743", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27768", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41229" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41229", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41229" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae", "reference_id": "3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae" }, { "reference_url": "https://github.com/advisories/GHSA-gc9w-cc93-rjv8", "reference_id": "GHSA-gc9w-cc93-rjv8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc9w-cc93-rjv8" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8", "reference_id": "GHSA-gc9w-cc93-rjv8", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41229", "GHSA-gc9w-cc93-rjv8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebbm-gvf6-xfbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151663?format=api", "vulnerability_id": "VCID-f15s-unrj-57ax", "summary": "Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36562", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36573", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36727", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38195", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3192" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3192", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3192" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52", "reference_id": "94d9c3eedf31bc8447e3aa349e32880dde02ee52", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52" }, { "reference_url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551", "reference_id": "f3644772-9c86-4f55-a0fa-aeb11f411551", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/" } ], "url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551" }, { "reference_url": "https://github.com/advisories/GHSA-jr66-9ghf-6gp3", "reference_id": "GHSA-jr66-9ghf-6gp3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jr66-9ghf-6gp3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381932?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0" } ], "aliases": [ "CVE-2023-3192", "GHSA-jr66-9ghf-6gp3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f15s-unrj-57ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/320319?format=api", "vulnerability_id": "VCID-fcst-mqr9-y3gn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71782", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72474", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72552", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.72566", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10235" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1165721", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1165721" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656" }, { "reference_url": "https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207" }, { "reference_url": "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10235", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10235" }, { "reference_url": "https://github.com/advisories/GHSA-p29c-jpgj-v57r", "reference_id": "GHSA-p29c-jpgj-v57r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p29c-jpgj-v57r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384616?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-8c8t-7j1p-3baa" }, { "vulnerability": "VCID-8t9k-hvwr-xubb" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-e8hu-xceh-cygy" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-gxb4-1jgt-z3a8" }, { "vulnerability": "VCID-gyny-xdxc-vyg7" }, { "vulnerability": "VCID-hhky-38kt-9fcd" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-hwdk-umd9-pbhp" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-mgwv-2pj5-pqav" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-p627-qr92-mkdp" }, { "vulnerability": "VCID-qyzq-4avu-zugu" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.14" } ], "aliases": [ "CVE-2020-10235", "GHSA-p29c-jpgj-v57r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcst-mqr9-y3gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151293?format=api", "vulnerability_id": "VCID-gfgb-su1s-ubaj", "summary": "Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.335", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33676", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3368", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33702", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3173" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3173", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3173" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6", "reference_id": "464216072456efb35b4541c58e7016463dfbd9a6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6" }, { "reference_url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14", "reference_id": "4d715f76-950d-4251-8139-3dffea798f14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/" } ], "url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14" }, { "reference_url": "https://github.com/advisories/GHSA-chw4-88xc-79w6", "reference_id": "GHSA-chw4-88xc-79w6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chw4-88xc-79w6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381608?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20" } ], "aliases": [ "CVE-2023-3173", "GHSA-chw4-88xc-79w6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfgb-su1s-ubaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174823?format=api", "vulnerability_id": "VCID-gxb4-1jgt-z3a8", "summary": "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.62328", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.62437", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.62429", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.62441", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3721" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://huntr.com/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c", "reference_id": "1182453c18a83309a3470b2775c148ede740806c", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L" }, { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:44:31Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c" }, { "reference_url": "https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", "reference_id": "a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L" }, { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:44:31Z/" } ], "url": "https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3721", "reference_id": "CVE-2022-3721", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3721" }, { "reference_url": "https://github.com/advisories/GHSA-h95w-p3x6-wwj6", "reference_id": "GHSA-h95w-p3x6-wwj6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h95w-p3x6-wwj6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27753?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.39", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.39" } ], "aliases": [ "CVE-2022-3721", "GHSA-h95w-p3x6-wwj6" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxb4-1jgt-z3a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168683?format=api", "vulnerability_id": "VCID-gyny-xdxc-vyg7", "summary": "Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38208", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38393", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38382", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38404", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4868" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4868", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4868" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d", "reference_id": "0527f22dc942483430f8449e25a096bb8d683a5d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:35:21Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d" }, { "reference_url": "https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b", "reference_id": "3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:35:21Z/" } ], "url": "https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b" }, { "reference_url": "https://github.com/advisories/GHSA-w6qf-j4qr-f946", "reference_id": "GHSA-w6qf-j4qr-f946", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w6qf-j4qr-f946" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383928?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.0-beta1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/380013?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0" } ], "aliases": [ "CVE-2022-4868", "GHSA-w6qf-j4qr-f946" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyny-xdxc-vyg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168779?format=api", "vulnerability_id": "VCID-hhky-38kt-9fcd", "summary": "Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54281", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54407", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54406", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54422", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4864" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4864", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4864" }, { "reference_url": "https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b", "reference_id": "b7140709-8f84-4f19-9463-78669fa2175b", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:45:46Z/" } ], "url": "https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7", "reference_id": "f2485ecd9aab8da544b5e12891d82ae6fcff5fc7", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:45:46Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7" }, { "reference_url": "https://github.com/advisories/GHSA-3v7m-2jrh-vc93", "reference_id": "GHSA-3v7m-2jrh-vc93", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3v7m-2jrh-vc93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383928?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.0-beta1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/380013?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0" } ], "aliases": [ "CVE-2022-4864", "GHSA-3v7m-2jrh-vc93" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhky-38kt-9fcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151057?format=api", "vulnerability_id": "VCID-hhmm-9bdt-fyb5", "summary": "Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08952", "scoring_system": "epss", "scoring_elements": "0.92779", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.08952", "scoring_system": "epss", "scoring_elements": "0.92806", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.08952", "scoring_system": "epss", "scoring_elements": "0.92804", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2034" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2034", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2034" }, { "reference_url": "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6", "reference_id": "aba6beaa-570e-4523-8128-da4d8e374ef6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T21:01:22Z/" } ], "url": "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6", "reference_id": "f36bc61fc74c85a21c8d31448198b11f96eb3bc6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T21:01:22Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6" }, { "reference_url": "https://github.com/advisories/GHSA-qwvp-g9j7-28f6", "reference_id": "GHSA-qwvp-g9j7-28f6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qwvp-g9j7-28f6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379375?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.14" } ], "aliases": [ "CVE-2023-2034", "GHSA-qwvp-g9j7-28f6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhmm-9bdt-fyb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147964?format=api", "vulnerability_id": "VCID-hr4y-q8gp-5ua5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.5418", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54176", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54193", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.5405", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0566" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0566", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0566" }, { "reference_url": "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49", "reference_id": "8339e4f1-d430-4845-81b5-36dd9fcdac49", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-28T15:44:01Z/" } ], "url": "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876", "reference_id": "bd5b99dc1c06f594b9563d459a50bf3b32504876", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-28T15:44:01Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876" }, { "reference_url": "https://github.com/advisories/GHSA-w7w4-qjgg-372x", "reference_id": "GHSA-w7w4-qjgg-372x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7w4-qjgg-372x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379862?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10" } ], "aliases": [ "CVE-2023-0566", "GHSA-w7w4-qjgg-372x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hr4y-q8gp-5ua5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148659?format=api", "vulnerability_id": "VCID-hs15-esbz-bfhb", "summary": "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.67111", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.67098", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.67112", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.67007", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0671" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0671", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0671" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc", "reference_id": "0034681412057fef2dfe9cce9f8a6e3321f52edc", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-25T20:12:38Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc" }, { "reference_url": "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de", "reference_id": "c2a84917-7ac0-4169-81c1-b61e617023de", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-25T20:12:38Z/" } ], "url": "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de" }, { "reference_url": "https://github.com/advisories/GHSA-9fqc-9cpr-w73q", "reference_id": "GHSA-9fqc-9cpr-w73q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fqc-9cpr-w73q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379862?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10" } ], "aliases": [ "CVE-2023-0671", "GHSA-9fqc-9cpr-w73q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "8.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs15-esbz-bfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208801?format=api", "vulnerability_id": "VCID-hwdk-umd9-pbhp", "summary": "HTML Injection in Froxlor", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56546", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56428", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.5655", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56561", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29653" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://github.com/Froxlor/Froxlor/commit/6bf5eccc2477257b6c1760a3c3784ae7e0554ce0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor/commit/6bf5eccc2477257b6c1760a3c3784ae7e0554ce0" }, { "reference_url": "https://github.com/Froxlor/Froxlor/security/advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor/security/advisories" }, { "reference_url": "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29653", "reference_id": "CVE-2020-29653", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29653" }, { "reference_url": "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/", "reference_id": "CVE-2020-29653-FROXLOR-HTML-INJECTION-DANGLING-MARKUP", "reference_type": "", "scores": [], "url": "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/" }, { "reference_url": "https://github.com/advisories/GHSA-j739-gw6q-f4c7", "reference_id": "GHSA-j739-gw6q-f4c7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j739-gw6q-f4c7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518341?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-8c8t-7j1p-3baa" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-e8hu-xceh-cygy" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-gxb4-1jgt-z3a8" }, { "vulnerability": "VCID-gyny-xdxc-vyg7" }, { "vulnerability": "VCID-hhky-38kt-9fcd" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-mgwv-2pj5-pqav" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-p627-qr92-mkdp" }, { "vulnerability": "VCID-qyzq-4avu-zugu" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.23" } ], "aliases": [ "CVE-2020-29653", "GHSA-j739-gw6q-f4c7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwdk-umd9-pbhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/118076?format=api", "vulnerability_id": "VCID-jvvz-9twe-8fb1", "summary": "Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38415", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38403", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38392", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38218", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48958" }, { "reference_url": "https://github.com/froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48958", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48958" }, { "reference_url": "https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e", "reference_id": "86947633-3e7c-4e10-86cc-92e577761e8e", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/" } ], "url": "https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e" }, { "reference_url": "https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a", "reference_id": "fde43f80600f1035e1e3d2297411b666d805549a", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/" } ], "url": "https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a" }, { "reference_url": "https://github.com/advisories/GHSA-26xq-m8xw-6373", "reference_id": "GHSA-26xq-m8xw-6373", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-26xq-m8xw-6373" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373", "reference_id": "GHSA-26xq-m8xw-6373", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378109?format=api", "purl": "pkg:composer/froxlor/froxlor@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6" } ], "aliases": [ "CVE-2025-48958", "GHSA-26xq-m8xw-6373" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvz-9twe-8fb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148470?format=api", "vulnerability_id": "VCID-mgwv-2pj5-pqav", "summary": "Path Traversal: '\\..\\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50264", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50403", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50398", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50417", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0316" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0316", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0316" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e", "reference_id": "983d9294603925018225d672795bd8b4a526f41e", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:08:55Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e" }, { "reference_url": "https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244", "reference_id": "c190e42a-4806-47aa-aa1e-ff5d6407e244", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:08:55Z/" } ], "url": "https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244" }, { "reference_url": "https://github.com/advisories/GHSA-xp3g-2729-rxm3", "reference_id": "GHSA-xp3g-2729-rxm3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xp3g-2729-rxm3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380013?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0" } ], "aliases": [ "CVE-2023-0316", "GHSA-xp3g-2729-rxm3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgwv-2pj5-pqav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80672?format=api", "vulnerability_id": "VCID-nbu9-sey3-w7es", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to `validateLocalDomainOwnership()`. This causes the ownership check to always pass for non-existent \"domains,\" allowing any authenticated customer to add sender aliases for email addresses on domains belonging to other customers. Postfix's `sender_login_maps` then authorizes the attacker to send emails as those addresses. Version 2.3.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12259", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12181", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1228", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12274", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41232" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41232", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41232" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a", "reference_id": "77d04badf549d5f8429828f0fbc69bc37a35e07a", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a" }, { "reference_url": "https://github.com/advisories/GHSA-vmjj-qr7v-pxm6", "reference_id": "GHSA-vmjj-qr7v-pxm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vmjj-qr7v-pxm6" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6", "reference_id": "GHSA-vmjj-qr7v-pxm6", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41232", "GHSA-vmjj-qr7v-pxm6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nbu9-sey3-w7es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144275?format=api", "vulnerability_id": "VCID-nf6w-t7ew-ryde", "summary": "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42976", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43145", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43135", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43154", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1033" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1033", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1033" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950", "reference_id": "4003a8d2b60728a77476d1d4f5aa5c635f128950", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:36:54Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950" }, { "reference_url": "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387", "reference_id": "ba3cd929-8b60-4d8d-b77d-f28409ecf387", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:36:54Z/" } ], "url": "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387" }, { "reference_url": "https://github.com/advisories/GHSA-p7qq-rrvw-x55x", "reference_id": "GHSA-p7qq-rrvw-x55x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7qq-rrvw-x55x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380400?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.11" } ], "aliases": [ "CVE-2023-1033", "GHSA-p7qq-rrvw-x55x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf6w-t7ew-ryde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148288?format=api", "vulnerability_id": "VCID-p242-zj5r-7faw", "summary": "Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89127", "scoring_system": "epss", "scoring_elements": "0.99553", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.89127", "scoring_system": "epss", "scoring_elements": "0.99552", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0315" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0315", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0315" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a", "reference_id": "090cfc26f2722ac3036cc7fd1861955bc36f065a", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:09:43Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51263.py", "reference_id": "CVE-2023-0315", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51263.py" }, { "reference_url": "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943", "reference_id": "ff4e177b-ba48-4913-bbfa-ab8ce0db5943", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:09:43Z/" } ], "url": "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943" }, { "reference_url": "http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html", "reference_id": "Froxlor-2.0.3-Stable-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:09:43Z/" } ], "url": "http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html", "reference_id": "Froxlor-2.0.6-Remote-Command-Execution.html", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:09:43Z/" } ], "url": "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html" }, { "reference_url": "https://github.com/advisories/GHSA-cp68-42pf-6627", "reference_id": "GHSA-cp68-42pf-6627", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cp68-42pf-6627" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379955?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.8" } ], "aliases": [ "CVE-2023-0315", "GHSA-cp68-42pf-6627" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p242-zj5r-7faw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211256?format=api", "vulnerability_id": "VCID-p627-qr92-mkdp", "summary": "Froxlor vulnerable to Cross-Site Request Forgery (CSRF)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29235", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29031", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29242", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29254", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3017" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a" }, { "reference_url": "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3017", "reference_id": "CVE-2022-3017", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3017" }, { "reference_url": "https://github.com/advisories/GHSA-9xgp-3mxp-rv7x", "reference_id": "GHSA-9xgp-3mxp-rv7x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xgp-3mxp-rv7x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25898?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.38", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-2mym-uwpj-v3he" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-8c8t-7j1p-3baa" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-d48t-6m2w-s7h2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-gxb4-1jgt-z3a8" }, { "vulnerability": "VCID-gyny-xdxc-vyg7" }, { "vulnerability": "VCID-hhky-38kt-9fcd" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-hr4y-q8gp-5ua5" }, { "vulnerability": "VCID-hs15-esbz-bfhb" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-mgwv-2pj5-pqav" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-p242-zj5r-7faw" }, { "vulnerability": "VCID-qyzq-4avu-zugu" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-unh1-2xmh-qbcs" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.38" } ], "aliases": [ "CVE-2022-3017", "GHSA-9xgp-3mxp-rv7x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p627-qr92-mkdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174943?format=api", "vulnerability_id": "VCID-qyzq-4avu-zugu", "summary": "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3869", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14857", "scoring_system": "epss", "scoring_elements": "0.94675", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.14857", "scoring_system": "epss", "scoring_elements": "0.94703", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.14857", "scoring_system": "epss", "scoring_elements": "0.94694", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.14857", "scoring_system": "epss", "scoring_elements": "0.94701", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3869" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", "reference_id": "3f10a4adede9df83408d60ded78b51b812a763a8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-05T20:27:39Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8" }, { "reference_url": "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", "reference_id": "7de20f21-4a9b-445d-ae2b-15ade648900b", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-05T20:27:39Z/" } ], "url": "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3869", "reference_id": "CVE-2022-3869", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3869" }, { "reference_url": "https://github.com/advisories/GHSA-6rjv-xxgr-v57x", "reference_id": "GHSA-6rjv-xxgr-v57x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6rjv-xxgr-v57x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27761?format=api", "purl": "pkg:composer/froxlor/froxlor@0.10.38%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.38%252B2" } ], "aliases": [ "CVE-2022-3869", "GHSA-6rjv-xxgr-v57x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyzq-4avu-zugu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70796?format=api", "vulnerability_id": "VCID-rw5a-bgxw-bfbd", "summary": "Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the panel.adminmail setting. This value is later concatenated into a shell command executed as root by a cron job, where the pipe character | is explicitly whitelisted. The result is full root-level Remote Code Execution. This vulnerability is fixed in 2.3.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.009", "scoring_system": "epss", "scoring_elements": "0.76198", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.009", "scoring_system": "epss", "scoring_elements": "0.76204", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.009", "scoring_system": "epss", "scoring_elements": "0.76191", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.009", "scoring_system": "epss", "scoring_elements": "0.76119", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26279" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343", "reference_id": "22249677107f8f39f8d4a238605641e87dab4343", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.4", "reference_id": "2.3.4", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26279", "reference_id": "CVE-2026-26279", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26279" }, { "reference_url": "https://github.com/advisories/GHSA-33mp-8p67-xj7c", "reference_id": "GHSA-33mp-8p67-xj7c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33mp-8p67-xj7c" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c", "reference_id": "GHSA-33mp-8p67-xj7c", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40093?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.4" } ], "aliases": [ "CVE-2026-26279", "GHSA-33mp-8p67-xj7c" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rw5a-bgxw-bfbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133459?format=api", "vulnerability_id": "VCID-tk6b-p759-jyfv", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18716", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18721", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18739", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18558", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5564" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5564", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5564" }, { "reference_url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c", "reference_id": "9254d8f3-a847-4ae8-8477-d2ce027cff5c", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/" } ], "url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa", "reference_id": "e8ed43056c1665522a586e3485da67f2bdf073aa", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa" }, { "reference_url": "https://github.com/advisories/GHSA-j5hq-6frc-64v3", "reference_id": "GHSA-j5hq-6frc-64v3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5hq-6frc-64v3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379319?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.0-dev1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-dev1" } ], "aliases": [ "CVE-2023-5564", "GHSA-j5hq-6frc-64v3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk6b-p759-jyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80953?format=api", "vulnerability_id": "VCID-tvgb-xmfz-tuf6", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling reseller does not have the `customers_see_all` permission. This allows a reseller to attribute newly created domains to any other admin, bypassing their own domain quota (since the wrong admin's `domains_used` counter is incremented) and potentially exhausting another admin's quota. Version 2.3.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17011", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17153", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17167", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17179", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41233" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41233", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41233" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5", "reference_id": "bf47ba15329506e9f9662f9462463932aa80dff5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5" }, { "reference_url": "https://github.com/advisories/GHSA-jvx4-xv3m-hrj4", "reference_id": "GHSA-jvx4-xv3m-hrj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvx4-xv3m-hrj4" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4", "reference_id": "GHSA-jvx4-xv3m-hrj4", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41233", "GHSA-jvx4-xv3m-hrj4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvgb-xmfz-tuf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212215?format=api", "vulnerability_id": "VCID-u4pt-mr2z-j3f2", "summary": "Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>", "references": [ { "reference_url": "https://github.com/froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor" }, { "reference_url": "https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075" }, { "reference_url": "https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910" }, { "reference_url": "https://github.com/advisories/GHSA-34qg-65m4-f23m", "reference_id": "GHSA-34qg-65m4-f23m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-34qg-65m4-f23m" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m", "reference_id": "GHSA-34qg-65m4-f23m", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33112?format=api", "purl": "pkg:composer/froxlor/froxlor@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.0" } ], "aliases": [ "GHSA-34qg-65m4-f23m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4pt-mr2z-j3f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148259?format=api", "vulnerability_id": "VCID-unh1-2xmh-qbcs", "summary": "Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39641", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39825", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39812", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39836", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0564" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0564", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0564" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a", "reference_id": "2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:46:07Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a" }, { "reference_url": "https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", "reference_id": "a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:46:07Z/" } ], "url": "https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6" }, { "reference_url": "https://github.com/advisories/GHSA-pm72-27mg-fc28", "reference_id": "GHSA-pm72-27mg-fc28", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm72-27mg-fc28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379862?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gb-yr6z-n7cc" }, { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-nf6w-t7ew-ryde" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-xpgs-hpf3-3qff" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10" } ], "aliases": [ "CVE-2023-0564", "GHSA-pm72-27mg-fc28" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-unh1-2xmh-qbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151443?format=api", "vulnerability_id": "VCID-vbvy-j84s-zygu", "summary": "Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53797", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53813", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53671", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3172" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3172", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3172" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e", "reference_id": "da810ea95393dfaec68a70e30b7c887c50563a7e", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e" }, { "reference_url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e", "reference_id": "e50966cd-9222-46b9-aedc-1feb3f2a0b0e", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/" } ], "url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e" }, { "reference_url": "https://github.com/advisories/GHSA-ghqq-jfx7-f6m9", "reference_id": "GHSA-ghqq-jfx7-f6m9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ghqq-jfx7-f6m9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381608?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20" } ], "aliases": [ "CVE-2023-3172", "GHSA-ghqq-jfx7-f6m9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbvy-j84s-zygu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80698?format=api", "vulnerability_id": "VCID-w7xv-k4rd-v7bq", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes `chown -R` on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system. Version 2.3.6 contains an updated fix.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24972", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25172", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30399", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30411", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41231" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41231", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41231" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d", "reference_id": "2987b0e8806ef12b532410050ad76d13d673a87d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d" }, { "reference_url": "https://github.com/advisories/GHSA-75h4-c557-j89r", "reference_id": "GHSA-75h4-c557-j89r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75h4-c557-j89r" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r", "reference_id": "GHSA-75h4-c557-j89r", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41231", "GHSA-75h4-c557-j89r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7xv-k4rd-v7bq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146649?format=api", "vulnerability_id": "VCID-x93s-u6kq-fbbe", "summary": "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18894", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18888", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18731", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18912", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50256" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "reference_id": "289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/" } ], "url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4" }, { "reference_url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", "reference_id": "4b1846883d4828962add91bd844596d89a9c7cac", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/" } ], "url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50256", "reference_id": "CVE-2023-50256", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50256" }, { "reference_url": "https://github.com/advisories/GHSA-625g-fm5w-w7w4", "reference_id": "GHSA-625g-fm5w-w7w4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-625g-fm5w-w7w4" }, { "reference_url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", "reference_id": "GHSA-625g-fm5w-w7w4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/" } ], "url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28269?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.2" } ], "aliases": [ "CVE-2023-50256", "GHSA-625g-fm5w-w7w4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x93s-u6kq-fbbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144856?format=api", "vulnerability_id": "VCID-xpgs-hpf3-3qff", "summary": "Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65307", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65416", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65407", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65418", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1307" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1307", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1307" }, { "reference_url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1", "reference_id": "5fe85af4-a667-41a9-a00d-f99e07c5e2f1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:05:24Z/" } ], "url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23", "reference_id": "6777fbf229200f4fd566022e186548391219ab23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:05:24Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23" }, { "reference_url": "https://github.com/advisories/GHSA-j83x-r9qq-9g4v", "reference_id": "GHSA-j83x-r9qq-9g4v", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j83x-r9qq-9g4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380998?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.13" } ], "aliases": [ "CVE-2023-1307", "GHSA-j83x-r9qq-9g4v" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpgs-hpf3-3qff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140366?format=api", "vulnerability_id": "VCID-y4zg-wf1d-4bcm", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21984", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21972", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21996", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21795", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4829" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4829", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4829" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d", "reference_id": "4711a414360782fe4fc94f7c25027077cbcdf73d", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d" }, { "reference_url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b", "reference_id": "babd73ca-6c80-4145-8c7d-33a883fe606b", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/" } ], "url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b" }, { "reference_url": "https://github.com/advisories/GHSA-cvwv-h85m-w37h", "reference_id": "GHSA-cvwv-h85m-w37h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cvwv-h85m-w37h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379183?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22" } ], "aliases": [ "CVE-2023-4829", "GHSA-cvwv-h85m-w37h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y4zg-wf1d-4bcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/358320?format=api", "vulnerability_id": "VCID-yqdf-v5wf-j3bj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56855", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56975", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5699", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56981", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6069" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc" }, { "reference_url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6069", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6069" }, { "reference_url": "https://github.com/advisories/GHSA-4jch-8qq5-hqg6", "reference_id": "GHSA-4jch-8qq5-hqg6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jch-8qq5-hqg6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381051?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/381932?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0" } ], "aliases": [ "CVE-2023-6069", "GHSA-4jch-8qq5-hqg6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yqdf-v5wf-j3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151505?format=api", "vulnerability_id": "VCID-zrvp-d87z-p7dy", "summary": "Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28011", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28225", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28211", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28234", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3668" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3668", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3668" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965", "reference_id": "03b5a921ff308eeab21bf9d240f27783c8591965", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965" }, { "reference_url": "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e", "reference_id": "df8cccf4-a340-440e-a7e0-1b42e757d66e", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/" } ], "url": "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e" }, { "reference_url": "https://github.com/advisories/GHSA-c6v5-pf66-xfq8", "reference_id": "GHSA-c6v5-pf66-xfq8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6v5-pf66-xfq8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381578?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.21" } ], "aliases": [ "CVE-2023-3668", "GHSA-c6v5-pf66-xfq8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrvp-d87z-p7dy" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.0-rc2" }